WebApp Sec mailing list archives
Cookie Secure Attribute - Clarification
From: John Wilander <john.wilander () owasp org>
Date: Sat, 27 Feb 2010 12:44:50 +0100
2010/2/26 arvind doraiswamy <arvind.doraiswamy () gmail com>
A little bit of clarification needed about the 'Secure' attribute to be set in a Cookie.
Hi Arvind! Just to be sure: 1. Is the problem that your web server sends secure cookies to the client over http (i e in cleartext)? 2. Is the problem that the client's browser sends secure cookies back to the server over http? 3. Is the problem both of the above? If the web server is (part of) the problem, could you tell us which one you're using? Regards, John -- John Wilander Chapter leader OWASP Sweden Conference chair OWASP AppSec Research 2010 http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
- Re: [Webappsec] Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 27)
- Message not available
- Message not available
- Cookie Secure Attribute - Clarification John Wilander (Feb 27)
- Re: Cookie Secure Attribute - Clarification arvind doraiswamy (Feb 28)
- Re: Cookie Secure Attribute - Clarification 51l3n73y3s (Mar 01)
- Cookie Secure Attribute - Clarification John Wilander (Feb 27)